9994b9e197b422529221de7238dc0e44ae21e66d78c48355f31837c3696ec90e

Analysis

max time kernel
124s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
Size

898KB
MD5

c2647ed78c0ea89aef2c32aa4e0f7770
SHA1

9be41ba2467fc53a7eb5d34ed15bf11e392e89d0
SHA256

6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6
SHA512

959c8a7f5ad8387200736043649c814ebd5948a25f0878d6d6cbb18396762959d13878a7002c2303abdab5a0fb54381aa3318529568717aff6c784a721d6abdf
SSDEEP

12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TH:1qDEvCTbMWu7rQYlBQcBiT6rprG8abH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2844	taskkill.exe
2560	taskkill.exe
1624	taskkill.exe
2664	taskkill.exe
2592	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2664	taskkill.exe
Token: SeDebugPrivilege	2592	taskkill.exe
Token: SeDebugPrivilege	2844	taskkill.exe
Token: SeDebugPrivilege	2560	taskkill.exe
Token: SeDebugPrivilege	1624	taskkill.exe
Token: SeDebugPrivilege	1092	firefox.exe
Token: SeDebugPrivilege	1092	firefox.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1092	firefox.exe
1092	firefox.exe
1092	firefox.exe
1092	firefox.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
1092	firefox.exe
1092	firefox.exe
1092	firefox.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2664	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	30
PID 2168 wrote to memory of 2664	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	30
PID 2168 wrote to memory of 2664	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	30
PID 2168 wrote to memory of 2664	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	30
PID 2168 wrote to memory of 2592	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	33
PID 2168 wrote to memory of 2592	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	33
PID 2168 wrote to memory of 2592	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	33
PID 2168 wrote to memory of 2592	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	33
PID 2168 wrote to memory of 2844	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	35
PID 2168 wrote to memory of 2844	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	35
PID 2168 wrote to memory of 2844	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	35
PID 2168 wrote to memory of 2844	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	35
PID 2168 wrote to memory of 2560	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	37
PID 2168 wrote to memory of 2560	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	37
PID 2168 wrote to memory of 2560	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	37
PID 2168 wrote to memory of 2560	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	37
PID 2168 wrote to memory of 1624	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	39
PID 2168 wrote to memory of 1624	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	39
PID 2168 wrote to memory of 1624	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	39
PID 2168 wrote to memory of 1624	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	39
PID 2168 wrote to memory of 1896	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	41
PID 2168 wrote to memory of 1896	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	41
PID 2168 wrote to memory of 1896	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	41
PID 2168 wrote to memory of 1896	2168	6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe	41
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1896 wrote to memory of 1092	1896	firefox.exe	42
PID 1092 wrote to memory of 2340	1092	firefox.exe	43
PID 1092 wrote to memory of 2340	1092	firefox.exe	43
PID 1092 wrote to memory of 2340	1092	firefox.exe	43
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44
PID 1092 wrote to memory of 2384	1092	firefox.exe	44

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe
"C:\Users\Admin\AppData\Local\Temp\6c4bf8dc2f2c1cccb9a2470f1610c11397fe168e55972eb0aaee7e77afd5d3d6.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2664
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2592
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2844
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2560
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1624
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1092.0.184730349\1060563089" -parentBuildID 20221007134813 -prefsHandle 1260 -prefMapHandle 1252 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb4870cf-ba9e-4c7c-a519-414d8e8c4539} 1092 "\\.\pipe\gecko-crash-server-pipe.1092" 1368 10ad7758 gpu
      4⤵
      PID:2340
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1092.1.552807935\996074348" -parentBuildID 20221007134813 -prefsHandle 1536 -prefMapHandle 1532 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fb7a48f-b6ad-46e9-8cb7-3c1c4e3650ef} 1092 "\\.\pipe\gecko-crash-server-pipe.1092" 1548 10a05658 socket
      4⤵
      PID:2384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1092.2.1561441999\2076410572" -childID 1 -isForBrowser -prefsHandle 2100 -prefMapHandle 2096 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 724 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b66e58e9-0996-469a-842f-a35567af047e} 1092 "\\.\pipe\gecko-crash-server-pipe.1092" 2112 19474f58 tab
      4⤵
      PID:2000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1092.3.1882431919\505521479" -childID 2 -isForBrowser -prefsHandle 2788 -prefMapHandle 2784 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 724 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54c48ff4-2be6-425a-b2e6-650abb5b8799} 1092 "\\.\pipe\gecko-crash-server-pipe.1092" 2812 d5d258 tab
      4⤵
      PID:2940
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1092.4.1672909316\1774367812" -childID 3 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 724 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23d991b9-0078-49a4-bc7c-fb78dc8815ec} 1092 "\\.\pipe\gecko-crash-server-pipe.1092" 3868 21ec2258 tab
      4⤵
      PID:2224
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1092.5.478574672\434697503" -childID 4 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 724 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd040f52-4a4e-4df7-9084-f20ad345a878} 1092 "\\.\pipe\gecko-crash-server-pipe.1092" 3988 21ec0758 tab
      4⤵
      PID:992
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1092.6.1418471859\1422950085" -childID 5 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 724 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bfe7d19-28bd-46d4-958d-714beb7a6727} 1092 "\\.\pipe\gecko-crash-server-pipe.1092" 4140 21ebfe58 tab
      4⤵
      PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhg31lui.default-release\activity-stream.discovery_stream.json.tmp

Filesize
32KB

MD5
3ca119af988410cb8a391121b39c9d3d

SHA1
558dd95516b640ddeda8822796675fa915663902

SHA256
0a537f226f7fcf4bb1a457eb42d31ab9f6d398a7e2b2f8de947ca5111e3ae687

SHA512
09261f4b0a8ccd4bb59ef5ba8042df8052f9725353a6bd5e79632d43074a271b946057f6c1fa2fb107d452b118df4a15fdb20376c35d4d0fe84b495af5e04db2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhg31lui.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ca83be361eed64e253d87bb53f1bb5ee

SHA1
68a98ad00ec252a4ae9d795dd33fb3fd982a8fdc

SHA256
ff26f95c9811406bffd6bbceed6c00fa6327e964c526843f16b951e5fa7cc2da

SHA512
93e9044f1a009364f33596c484600718862b371ba6ef9a870511d537f5e90ba33c0e514e01414a8aeb309141e6bf81f6ab7d48de210c6bee5ff08e02628329d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\datareporting\glean\pending_pings\deae363b-5102-4e7a-8513-d721d2372922

Filesize
11KB

MD5
104b4e390ccb9ec474907e2f6a7e769c

SHA1
4b085504777501cc5ae161006aff4172568828da

SHA256
a0eaa64b7ea122c155634ab960111747da2e585343ea6c82ef3f89b98401add7

SHA512
93e98f98c98765df87da8b8b39808fd7215a93b4ddf2cd2cadfa612e17043769038c55c894a0f98ca4900b7bcf4325719f5e406269c986130e171be1283c7af3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\datareporting\glean\pending_pings\f5823b7f-b6c2-493f-bbc0-2897c0d5bf3b

Filesize
745B

MD5
18577f90685b1a9de37b173c6306709f

SHA1
983776a339f1cb2a7b09be2cad4adcd5e9dd95d2

SHA256
e5000254ba85adfd5583873dd615b62ae0db5cf45292ad9739f1c9d5b831b868

SHA512
4478ef26be4d5ae62501748fa5e28a3dd54d31f50972645c8986a12f370b32b3fd4211cc4e705029eba95bbec334d50558a491b92b44785d520e764197b9ec1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\prefs-1.js

Filesize
6KB

MD5
ff966bc31fc9b736a612e0cdf94fb70a

SHA1
0feb9be8f215f135c293483e1aa52e27ac62d5b5

SHA256
e3543cb473e0002243dd029338c697f275455c525ee12c0d0c195a243b5dcab4

SHA512
edc60cf1ed9623b50190b667d7545a34fc58425dc1ee61534100c6f97689c749a291898fa09bd08c52171ba87a8b3e038d68632a725198a8b79e8eba596223cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\prefs-1.js

Filesize
7KB

MD5
f9d242401407763a246c782bb492d0c4

SHA1
f987741b6dcf1bb0d608e72c6b4c9cd453a64cc2

SHA256
b681f2c43901e7b2dbc113051d552e5e7dac1a2869f3ee5bed470e2a45df884e

SHA512
e1fee5e96d2fc64e3bbd83d21fd2cf67f56499e2416c479cf30414228057d8a73297c727a423c49f1cfdc5f03b3a42875ee9e84ca8b0f7487f332c37adb01738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\prefs-1.js

Filesize
7KB

MD5
0af708436f0fe08ec95ce90cb9e09036

SHA1
9c8ce2bac118c4441771560935135b64cbed624c

SHA256
71d8a8a6ebf25f23fa3f8556709dad2a680207957c6b833b3375e2d99003a3c6

SHA512
8a4c05b494d90b92fd0f04501a9f9d6685136f2747c53b8c5bff2fe0706648b86767c5e251647598a0d1580f026821dfeb4f7816a8a3baee5967067d3d03b2e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\prefs-1.js

Filesize
6KB

MD5
4ae6956457d909d71a7ab621cab71535

SHA1
775242e4aeae646eb00796d3c81f92f6e6db7175

SHA256
8d2fab90224e8bed791692dea57fb70bfdae82006811c7c39d0bf40b27330233

SHA512
342e8e71741b471afd0a610ddffbc38f3d39d0069e136572a55a5bfff1a24744fc1c5863fcd7ff9b63714714c3468c22ea620b06f0e850eb5e51a08f9a279b0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
68d112553aa50f17e756531265095054

SHA1
4b3c319870ed43b88bf6f062ef29055a6c41e283

SHA256
190d6915393920be65a2bca9930876514d1ec8d5316cfc7edba01c00ded4ae11

SHA512
2e9d4b3cc844682b173623e5360cdf4798fefa9a6f52f3525f02e24da8c2c6f8b84c226a6289237a6b3327e6f68811689ca2407d19c42fee873d6462aef33ed2

Download Submit